# coding:utf-8
class Admin < ActiveRecord::Base
  has_paper_trail :version => :paper_trail_version, :versions => :paper_trail_versions
  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me
  # attr_accessible :title, :body

  scope :desc, order("created_at DESC")

  has_many :user_groupships, :foreign_key => "user_id"
  has_many :groups, :through => :user_groupships
  has_many :zone_permissions, :dependent => :destroy

  def group_names
    self.groups.present? ? self.groups.map(&:name).join(" ") : "未分组"
  end

  # The permission for the zone ancestors
  def can_access?(entity)
    return true if self.global?
    return !!permission_of_entity(entity)
  end

  def can_see?(entity)
    return true if can_access?(entity)
    case entity
    when Province
      return entity.cities.any?{|i| !!permission_of_entity(i) }
    when City
      return entity.terminal_groups.any?{|i| !!permission_of_entity(i) }
    end
    return false
  end

  def permission_of_entity(entity)
    ZonePermission.exists?(["admin_id = ? and entity = ? and entity_id = ?",self.id,entity.class.name,entity.id])
  end

  def god?
    groups.map(&:name).include?("Administration")
  end

  def global?
    return true if self.god?
    return true if groups.map(&:name).include?("Global")
  end

  def can? url_hash
    can_do?(url_hash)
  end
  
  def can_do?(actionHash,session = nil)
    return true if self.god?
    flag = nil

    for group in self.groups
      for perm in group.permissions
        unless flag
          if perm.matches(actionHash, session, group, self)
            flag = true
          elsif perm.matches(actionHash, session, group, self) and perm.level <= 0
            flag = false
          end
        end
      end
      unless flag
        res =  can_do_subs?(group, actionHash, session, false)
        flag = res if res
      end
    end

    return !!flag
  end
  
  def can_do_subs?(group, actionHash, session, found)
    for sub_group in group.child_groups
      return true if sub_group.name == "Administration"
      for subpermission in sub_group.permissions
        unless found
          passes = subpermission.matches(actionHash, session, sub_group, self)
          if passes and subpermission.level > 0
            found = true
          elsif passes and subpermission.level <= 0
            found = false
          end
        end
      end
      unless found
        found = can_do_subs?(sub_group, actionHash, session, found)
      end
    end
    return !!found
  end
  
  def can_visit?(link)
    action = {}
    ActionController::Routing::Routes.recognize_path(link).each do |key,val|
      action[key.to_s] = val
    end
    return self.can_do?(action)
  end
 

end
